Group se_asymmetric
- group se_asymmetric
Since the amount of data that can (or should) be encrypted or signed using asymmetric keys is limited by the key size, asymmetric key operations using keys in a secure element must be done in single function calls.
Typedefs
-
typedef psa_status_t (*psa_drv_se_asymmetric_sign_t)(psa_drv_se_context_t *drv_context, psa_key_slot_number_t key_slot, psa_algorithm_t alg, const uint8_t *p_hash, size_t hash_length, uint8_t *p_signature, size_t signature_size, size_t *p_signature_length)
A function that signs a hash or short message with a private key in a secure element.
- Param drv_context
[inout] The driver context structure.
- Param key_slot
[in] Key slot of an asymmetric key pair
- Param alg
[in] A signature algorithm that is compatible with the type of
key
- Param p_hash
[in] The hash to sign
- Param hash_length
[in] Size of the
p_hash
buffer in bytes- Param p_signature
[out] Buffer where the signature is to be written
- Param signature_size
[in] Size of the
p_signature
buffer in bytes- Param p_signature_length
[out] On success, the number of bytes that make up the returned signature value
- Retval PSA_SUCCESS
-
typedef psa_status_t (*psa_drv_se_asymmetric_verify_t)(psa_drv_se_context_t *drv_context, psa_key_slot_number_t key_slot, psa_algorithm_t alg, const uint8_t *p_hash, size_t hash_length, const uint8_t *p_signature, size_t signature_length)
A function that verifies the signature a hash or short message using an asymmetric public key in a secure element.
- Param drv_context
[inout] The driver context structure.
- Param key_slot
[in] Key slot of a public key or an asymmetric key pair
- Param alg
[in] A signature algorithm that is compatible with the type of
key
- Param p_hash
[in] The hash whose signature is to be verified
- Param hash_length
[in] Size of the
p_hash
buffer in bytes- Param p_signature
[in] Buffer containing the signature to verify
- Param signature_length
[in] Size of the
p_signature
buffer in bytes- Retval PSA_SUCCESS
The signature is valid.
-
typedef psa_status_t (*psa_drv_se_asymmetric_encrypt_t)(psa_drv_se_context_t *drv_context, psa_key_slot_number_t key_slot, psa_algorithm_t alg, const uint8_t *p_input, size_t input_length, const uint8_t *p_salt, size_t salt_length, uint8_t *p_output, size_t output_size, size_t *p_output_length)
A function that encrypts a short message with an asymmetric public key in a secure element.
- Param drv_context
[inout] The driver context structure.
- Param key_slot
[in] Key slot of a public key or an asymmetric key pair
- Param alg
[in] An asymmetric encryption algorithm that is compatible with the type of
key
- Param p_input
[in] The message to encrypt
- Param input_length
[in] Size of the
p_input
buffer in bytes- Param p_salt
[in] A salt or label, if supported by the encryption algorithm If the algorithm does not support a salt, pass
NULL
. If the algorithm supports an optional salt and you do not want to pass a salt, passNULL
. For PSA_ALG_RSA_PKCS1V15_CRYPT, no salt is supported.- Param salt_length
[in] Size of the
p_salt
buffer in bytes Ifp_salt
isNULL
, pass 0.- Param p_output
[out] Buffer where the encrypted message is to be written
- Param output_size
[in] Size of the
p_output
buffer in bytes- Param p_output_length
[out] On success, the number of bytes that make up the returned output
- Retval PSA_SUCCESS
-
typedef psa_status_t (*psa_drv_se_asymmetric_decrypt_t)(psa_drv_se_context_t *drv_context, psa_key_slot_number_t key_slot, psa_algorithm_t alg, const uint8_t *p_input, size_t input_length, const uint8_t *p_salt, size_t salt_length, uint8_t *p_output, size_t output_size, size_t *p_output_length)
A function that decrypts a short message with an asymmetric private key in a secure element.
- Param drv_context
[inout] The driver context structure.
- Param key_slot
[in] Key slot of an asymmetric key pair
- Param alg
[in] An asymmetric encryption algorithm that is compatible with the type of
key
- Param p_input
[in] The message to decrypt
- Param input_length
[in] Size of the
p_input
buffer in bytes- Param p_salt
[in] A salt or label, if supported by the encryption algorithm If the algorithm does not support a salt, pass
NULL
. If the algorithm supports an optional salt and you do not want to pass a salt, passNULL
. For PSA_ALG_RSA_PKCS1V15_CRYPT, no salt is supported.- Param salt_length
[in] Size of the
p_salt
buffer in bytes Ifp_salt
isNULL
, pass 0.- Param p_output
[out] Buffer where the decrypted message is to be written
- Param output_size
[in] Size of the
p_output
buffer in bytes- Param p_output_length
[out] On success, the number of bytes that make up the returned output
- Retval PSA_SUCCESS
-
struct psa_drv_se_asymmetric_t
- #include <crypto_se_driver.h>
A struct containing all of the function pointers needed to implement asymmetric cryptographic operations using secure elements.
PSA Crypto API implementations should populate instances of the table as appropriate upon startup or at build time.
If one of the functions is not implemented, it should be set to NULL.
-
typedef psa_status_t (*psa_drv_se_asymmetric_sign_t)(psa_drv_se_context_t *drv_context, psa_key_slot_number_t key_slot, psa_algorithm_t alg, const uint8_t *p_hash, size_t hash_length, uint8_t *p_signature, size_t signature_size, size_t *p_signature_length)